Date: Wed, 03 Jan 2018 21:54:49 -0800
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>
To: freebsd-security@freebsd.org
Subject: Re: Intel hardware bug
Message-ID: <20920.1515045289@segfault.tristatelogic.com>
In-Reply-To: <0bb7ffc6-fa51-98db-9dc1-1bd49e1c7b44@metricspace.net>

In message <0bb7ffc6-fa51-98db-9dc1-1bd49e1c7b44@metricspace.net>,
Eric McCorkle <eric@metricspace.net> wrote:

>Given enough skill, resources, and motivation, it's likely that an
>attacker could craft a javascript-based version of the attack, then
>every javascript website (aka all of them) is a potential attack vector.

While I can only agree with the essence of what you've said, I feel compelled to take issue with your use of future tense in this context.

Unless you have access to the innermost compartmentalized data sources of at least all of NSA, FSB, and Mossad, I think it qualifies as being, at best, speculation to believe that none of the proverbial "state actors" have managed to stumble upon any of these horrendous security problems which are alleged to have been present already for a good decade or more, in chips used in and distributed throughout the entire world.

Data isolation between unrelated user-level processes and between user-level processes and the kernel is, as I understand it, the bedrock upon which essentially all computer security rests. As such, it would seem to be a thing that would likely have been poked and prodded, relentlessly, by any actor which, during the past ten years or more, has yearned for unlimited knowledge about friends, enemies, or both.

Can we know that none of them "crafted a javascript-based version of the attack" against any of these several issues already, and perhaps even years ago? (They might have done so and then, realizing the value of what they found, compartmentalized the information in a place where even Snowden would never have been aware of it.)

Alright. So call me paranoid, if you like. But I seem to dimly recall that there was some executive at some Silicon Valley based semiconductor company who, years ago, advised people that paranoia might actually be an admirable quality, at least for those wishing to survive.

Regards,
rfg